Re: Row-Level Security

2009/12/14 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> IIRC, one headache issue is that user may provide well indexable conditions,
> such as "SELECT * FROM view_x WHERE id = 1234". In this case, if we strictly
> keep the order of evaluation between inside and outside of the view, its
> performance penalty will over reasonable tradeoff to the better security.

If you don't allow the indexable qual to be pushed down into the view
in this situation, performance will be wretched.  I think we need to
distinguish between trusted and untrusted operations.  Everything in
the view definition is trusted.  And some other things... perhaps
access methods and some/most/all system catalog functions... are
trusted.  Other stuff is untrusted, and can't be pushed down.

I think there was a previous discussion of this when Heikki first
posted the issue to -hackers.

...Robert